the it guide to managing shadow it

The IT Guide to Managing

Shadow IT

86% of cloud applications used by enterprises are unsanctioned by IT

What Does Shadow IT Look Like?

Source: Cloud Adoption & Risk Report in North America & Europe - 2014 Trends. CipherCloud. February 2015.

Shadow IT Has Its Downsides

Shadow IT has gotten a bad reputation, largely because shadow applications:

● Are siloed applications, presenting missed opportunities for valuable integrations

● Are typically poorly managed since users are the admins● Put corporate data at risk by tying it directly to employee

tenure and by potentially violating security policies

But Shadow IT Can Add ValueWhen managed properly, shadow IT helps add value by:

● Improving the working experience for internal customers● Increasing productivity and flexibility● Empowering users to act as decision makers in solving their

daily challenges● Providing IT with firsthand insight

into user needs

Capitalize on Shadow IT’s Value

Shadow IT is going to happen, so you need to make the most of it.

Create a balance between users finding solutions to fulfill their needs and putting IT in control.

Achieving the Balance

Don’tLockdown shadow IT and become stricter. Doing so will push

this behavior further into the shadows and increase risks.

DoEmbrace shadow IT by establishing guidelines for when this

behavior is okay and when it needs to come under IT control.

6 Guidelines for Managing Shadow IT

Application Footprint1)

2) Application Cost

3) Performance Efficiency

Application Duplication4)

5) Data Value

6) Data Security

Application Footprint

If an application exceeds a threshold of 5-10 users, IT needs to at least have visibility into it.

As use continues to grow, IT should take on more complete ownership by bringing it into the appropriate technology stack.

Application Cost

Plain and simple:

If the application costs more than $500 per annum, it needs to be on a corporate credit card and under the management of IT

Performance Efficiency

If an application would integrate well with a particular technology stack and doing so would provide additional advantages by making data more valuable or related tasks more efficient, then it needs to come under IT control.

Application Duplication

Users should not be allowed to pursue new shadow applications if the organization already uses an application that accomplishes the same objectives.

Additionally, if users pursue different shadow applications that serve the same purpose and the total footprint of these applications exceeds the threshold, IT needs to step in.

Data Value

If losing the data in a shadow application will cause material problems for the business, then the application should be managed by IT.

Data Security

Ask:● Will the use of the application

and any lack of firewall protection open IT to vulnerabilities?

● Will the application house data that could cause problems if it falls into the wrong hands?

If the answer to either question is yes, IT needs to take over.

Tackle Shadow IT Head On

Introducing these guidelines can help you embrace shadow IT in a secure way and create meaningful business value.

Once you do, maintain order by keeping an open line of communication with users so that they know you’re there to help.

What else do you need to know about managing shadow IT?

Download the White Paper

Finding a Place for Shadow ITin the Enterprise